Tags › conferences
Sandro Gauci, Enable Security
Killing bugs … one vulnerability report at a time
Last updated on Oct 29, 2021 in freeswitch, voip security, conferences, denial of service, sipvicious pro
Executive summary (TL;DR) We tell the story behind the latest FreeSWITCH advisories and how it all came together one sleepless night in April 2021 so that we ended up with 4 vulnerabilities that needed reporting. And then, one more vulnerability found due to a bug in our own software, SIPVicious PRO. We explain how these flaws were discovered, reported, fixed and what we ultimately learned through this process. What is this about?…
Read more »One presentation at ClueCon and five security advisories for FreeSWITCH
Published on Oct 25, 2021 in freeswitch, voip security, conferences, denial of service, sipvicious pro
The FreeSWITCH team has just published version v1.10.7 which fixes a number of security issues that we reported. If you use FreeSWITCH, please do upgrade to get these security updates. To learn about the background work that went into getting these security bugs squashed, follow Sandro’s talk called Killing bugs … one vulnerability report at a time. This will be presented at at ClueCon on Thursday, October 28th. Here are the titles of each advisory and a very short summary:…
Read more »Sandro Gauci, Enable Security
ClueCon Weekly with Sandro Gauci, demonstration of SIP Digest Leak
Published on Oct 16, 2020 in conferences, sip security, sip security testing
ClueCon weekly is a regular video by the people behind Freeswitch and Signalwire, hosted by the very friendly David Duffet. I had the pleasure of recording an interview and a presentation with David a few weeks back. If you would like a summary of what the video chat was about, scroll down to the points below. Otherwise, hope you enjoy the chat as much as I did! Summary Here’s an outline of what went on:…
Read more »Sandro Gauci, Enable Security
RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…
Read more »Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…
Read more »New Mascot and Tshirts!! and .. Kamailio World 2016 - 9 Years Of Friendly Scanning And Vicious SIP
Published on May 24, 2016 in conferences, sipvicious oss, sip security
On the presentation Last week I had the pleasure of presenting something new at Kamailio World 2016. Great community and excellent feedback! The presentation went through the following: How and why SIPVicious was originally written and published Those strange emails and phone calls asking for special version ;-) RIPE’s 1.1.1.0/24 experiment and how it was interesting in terms of SIP security Sality pushing modified versions of SIPVicious Attackers making use of insecure Tandberg systems to install SIPVicious SVCrash - why it was published and how it worked Security updates from the VoIP and PBX industry Rewriting SIPVicious (various fails) What happened since then and what I’ve been using during VoIP pentests that involve SIP 2016, yet another rewrite on the way New features in this latest rewrite attempt and how they show some important security issues Some parts were sped up due to the limited time that I had for my presentation, but I think the main points were delivered.…
Read more »AstriCon roundup and vendors adding security features
Published on Oct 29, 2010 in asterisk, conferences, sip security
So I’ve finally been to AstriCon and I noticed a great increased interest amongst the attendees with regards to security, fraud and “hacking”. The slides for my presentation titled “Just how vulnerable is your phone system” can be downloaded from this location. So what are the changes and additions from the software developer’s side? Asterisk 1.8 has been released touting TLS support for SIP and SRTP support too, plus a framework to make auditing easier 3CX havereleased a major security update with features to make it easier to set proper passwords I just received an email from Brekeke highlighting their security pageon their wiki which was originally published on March 11, 2009 What accounts for these changes?…
Read more »BruCON Training: Module 4, Attacking Unified Communications
Published on Sep 7, 2010 in conferences, voip security, trainings
The final module in the upcoming pentesting VoIP crashcourse is the most exciting one. In this section we look at VoIP systems as a whole. Unified communications is one of those words that have been hyped up to include everything, from chat to video phone calls and SMS. What we will look at in this section is how to go about breaking into the following during a penetration test: Web application security flaws in Asterisk-based PBX servers Attacking various services open in PBX servers, such as TFTP How once you’re on a PBX network, you can sometimes simply use your phone to spy on other phone calls How to make use of hardware taps Hardware phone features that can be abused Abuse of various exposed features in Cisco call manager accessible on the HTTP server This module will help familiarize the attendees with the target servers and system.…
Read more »BruCON Training: Module 3, Attacking the media
Published on Sep 2, 2010 in trainings, conferences, voip security
This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. We trust our phones with our sensitive data more than most other forms of communications. We may not trust sending our credit card number by email to the hotel. In the end we give it to them on the phone anyway, and it may not matter if the phone is a mobile phone or a VoIP phone.…
Read more »BruCON Training: Module 2, Attacking signaling protocols
Published on Sep 1, 2010 in conferences, voip security, trainings
This is part of the BruCON VoIP security crash course training intro. For more information about the course and to secure a place, check out the BruCON website. Most VoIP systems perform signaling using a protocol separate than the media transfer protocol. Signaling protocols allow VoIP systems to register, authenticate, and initiate phone calls and tends to carry a lot of intelligence with it. In this part of the training, Joffrey and myself will talk you through the following different signaling protocols and attacks that apply to these protocols:…
Read more »